Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1912
Views
0
Helpful
3
Replies

ICMP fragment

Go to solution
lcaruso
Level 6
Level 6

‎02-10-2011 05:59 PM - edited ‎03-11-2019 12:49 PM

Hi,

For a new install I did today, I'm getting messages from IDS

4    Feb 10 2011    19:54:30        172.X.5.2        172.Y.6.247        IDS:2150 ICMP fragment from 172.X.5.2 to 172.Y.6.247 on interface outside

across a ipsec site-to-site tunnel so the traffic is trusted.

These are older XP workstations.

Any chance it's just a non-compliant TCP/IP stack instead of a real threat?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎02-10-2011 06:45 PM

It is worth investigating whether the ICMP traffic is actually generated by someone or applications, or it could be a DOS attack generated by an unwanted applications.

If it's actually legitimate ICMP traffic generated by someone or a known applications, then it's not a threat.

Here is more information on signature# 2150:

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=2150&signatureSubId=0&softwareVersion=6.0&releaseVersion=S2

View solution in original post

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to lcaruso

‎02-10-2011 07:33 PM

Here is the Cisco SIO (Security Intelligence Operations) website which has search function for various vulnerabilities, etc:

http://tools.cisco.com/security/center/home.x

Hope that helps.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎02-10-2011 06:45 PM

It is worth investigating whether the ICMP traffic is actually generated by someone or applications, or it could be a DOS attack generated by an unwanted applications.

If it's actually legitimate ICMP traffic generated by someone or a known applications, then it's not a threat.

Here is more information on signature# 2150:

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=2150&signatureSubId=0&softwareVersion=6.0&releaseVersion=S2

0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to Jennifer Halim

‎02-10-2011 07:29 PM

thanks for the link...didn't know about that section of the website

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to lcaruso

‎02-10-2011 07:33 PM

Here is the Cisco SIO (Security Intelligence Operations) website which has search function for various vulnerabilities, etc:

http://tools.cisco.com/security/center/home.x

Hope that helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card